CN112565272A - Method and device for blocking minimum Steiner tree of double-layer network and computer equipment - Google Patents


Publication number
CN112565272A
Authority
CN
China
Prior art keywords
layer network
layer
link
physical layer
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011432308.5A
Other languages
Chinese (zh)
Other versions
CN112565272B (en)
Inventor
朱先强
周鋆
严经文
朱承
丁兆云
吕国栋
刘毅
黄松平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology
Priority to CN202011432308.5A
Publication of CN112565272A
Application granted
Publication of CN112565272B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/10 Geometric CAD
    • G06F30/18 Network design, e.g. design based on topological or interconnect aspects of utility systems, piping, heating ventilation air conditioning [HVAC] or cabling
    • G06F2111/00 Details relating to CAD techniques
    • G06F2111/02 CAD in a network environment, e.g. collaborative CAD or distributed simulation
    • G06F2111/04 Constraint-based CAD
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Geometry (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Computational Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a double-layer network minimum Steiner tree blocking method, a double-layer network minimum Steiner tree blocking device, computer equipment and a storage medium. The method comprises: constructing a two-layer planning objective function whose parameters are the blocking decision variables of a defender on a physical layer network and the selection decision variables of an aggressor selecting links on the physical layer network; constructing a logical layer link selection constraint function for the links the aggressor selects on the logical layer network and a physical layer link selection constraint function for the links the aggressor selects on the physical layer network; obtaining a double-layer planning model of minimum Steiner tree blocking of the double-layer network from these functions and the preset total amount of blocking resources; and solving the model to obtain a blocking strategy of the defender on the physical layer network. The method and the device use the correspondence between the logical layer and the physical layer in the double-layer network to obtain, from the logical function targeted in the game between the attacking and defending parties, the shortest physical layer path that the attacking party would select, so that the defending party can maximize the cost of attacking and occupying the current shortest physical path.

Description

Method and device for blocking minimum Steiner tree of double-layer network and computer equipment
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for blocking a minimum Steiner tree in a two-layer network, a computer device, and a storage medium.
Background
With the rapid development of information and communication technologies, more and more functional systems are being built on information networks, constituting layered network systems that include a plurality of network layers. Layered network systems are widely used in industry, the military and other civil sectors, so research on the network blocking problem for multilayer networks is very important for ensuring network security.
Network blocking refers to the act of hindering or destroying certain nodes or links in a network in order to reduce some aspect of the network's performance, and is generally expressed as an optimization problem with game-theoretic characteristics. Consider a two-person zero-sum game on a logical-physical two-layer network that includes one aggressor and one defender. The goal of the aggressor is to find a path between two specific nodes in the logical network and minimize the cost of the path; the goal of the defender is to deploy a blocking strategy under a given resource limit so that the cost incurred by the attacker is as large as possible. When the cost of a physical link is an attack cost, the physical link cost is no longer accumulated on each use but is counted only once. This change in the network parameter setting turns the blocking game between the two parties into a complex Logical-Physical Network Minimum Steiner Tree blocking problem (LPNMSTI).
At present, research on blocking problems is mainly carried out on single-layer networks. In multilayer networks, research on key nodes and links, which is close to the blocking problem, mainly focuses on ranking based on network structure metrics; only a small amount of research discusses the technical details of multilayer network blocking, and no complete minimum Steiner tree blocking method for a double-layer network has been given.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, an apparatus, a computer device and a storage medium for blocking a minimum Steiner tree in a two-layer network.
A method of two-layer network minimum Steiner tree blocking, the method comprising:
obtaining a physical layer network of a double-layer network according to a device accessed to the double-layer network and a communication link between the devices, and obtaining a logical layer network of the double-layer network according to a logical function of the device and a logical relationship between the devices;
acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an aggressor in a link selected by the physical layer network as parameters;
constructing a logic layer link selection constraint function of the link selected by the aggressor in the logic layer network according to the link in the logic layer network;
constructing a physical layer link selection constraint function of a link selected by an aggressor in the physical layer network according to the link in the physical layer network;
obtaining a double-layer planning model blocked by the minimum Steiner tree of the double-layer network according to the two-layer planning objective function, the logic layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resources;
and solving the double-layer planning model, and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
In one embodiment, the method further comprises the following steps: acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an aggressor in a link selected by the physical layer network as parameters as follows:
Figure BDA0002826930550000021
wherein $v^*$ represents the two-layer planning objective function; $x$ represents the blocking decision variable of the defender at the second network layer; $z$ represents the selection decision variable of the aggressor selecting links at the second network layer; $A_p$ represents the set of edges in the second network layer; $i$ and $j$ are integers; $c_{ij}$ represents the attack cost parameter of a second link of the second set of links; $d_{ij}$ represents the increment of the link cost of a second link of the second set of links due to blocking behavior; $x_{ij}$ denotes an element of $x$; and $z_{ij}$ denotes an element of $z$.
In one embodiment, according to the links in the logical layer network, the logical layer link selection constraint function for constructing the link selected by the aggressor in the logical layer network is as follows:
Figure BDA0002826930550000031
Figure BDA0002826930550000032
wherein $s$ represents the starting point of the link selected by the attacking party in the logical layer network; $t$ represents the end point of the link selected by the attacking party in the logical layer network; $y$ represents the link selected by the attacking party in the logical layer network; $a$ and $b$ are integers; $y_{ab}$ and $y_{ba}$ denote elements of $y$; $A_l$ represents the set of edges in the logical layer network; $N_l$ represents the set of points in the logical layer network; $m$ represents the set of nodes included in link $y$ in the logical layer network; and $m_a$ represents an element of $m$.
In one embodiment, according to the links in the physical layer network, constructing a physical layer link selection constraint function of the link selected by the aggressor in the physical layer network is as follows:
$\theta = H^{T} m$
Figure BDA0002826930550000033
Figure BDA0002826930550000034
Figure BDA0002826930550000035
Figure BDA0002826930550000036
wherein $\theta$ represents the node vector included in the selected link in the physical layer network; $H$ is an $N_l \times N_p$ transition matrix representing the correspondence between nodes in the logical layer network and nodes in the physical layer network; $N_p$ represents the set of points in the physical layer network; $k$ represents a node included in the physical layer network; $\theta_k$ denotes an element of $\theta$; $f_k$ is a path variable representing a path from the start point to point $k$ in the physical layer network; and
Figure BDA0002826930550000037
denotes an element of $f_k$.
In one embodiment, the blocking policy includes a shortest path of the physical layer network and a blocking resource configuration parameter that maximizes a shortest path attack cost value of the physical layer network;
after solving the double-layer planning model and obtaining a blocking strategy of a defender on the physical layer network according to a solving result, the method further comprises the following steps:
and performing path blocking on the shortest path according to the blocking resource configuration parameters.
In one embodiment, the double-layer planning model is solved through a Benders decomposition algorithm, and a blocking strategy of a defender on the physical layer network is obtained according to a solving result.
In one embodiment, the cost of the physical layer path is a single computational cost.
A two-layer network minimum Steiner tree blocking device, the device comprising:
the network layer building module is used for obtaining a physical layer network of the layered network according to equipment accessed into the layered network and a communication link between the equipment, and obtaining a logical layer network of the layered network according to a logical function of the equipment and a logical relationship between the equipment;
the two-layer planning objective function building module is used for obtaining the attack cost value of the physical layer path and building a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an attack party in a link selected by the physical layer network as parameters;
the logic layer link selection constraint function building module is used for building a logic layer link selection constraint function of a link selected by an attack party on a logic layer network according to the link in the logic layer network;
the physical layer link selection constraint function building module is used for building a physical layer link selection constraint function of a link selected by an attack party on a physical layer network according to the link in the physical layer network;
the double-layer planning model building module is used for obtaining a double-layer planning model blocked by the double-layer network minimum Steiner tree according to the two-layer planning objective function, the logic layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resources;
and the blocking strategy acquisition module is used for solving the double-layer planning model and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
obtaining a physical layer network of a double-layer network according to a device accessed to the double-layer network and a communication link between the devices, and obtaining a logical layer network of the double-layer network according to a logical function of the device and a logical relationship between the devices;
acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an aggressor in a link selected by the physical layer network as parameters;
constructing a logic layer link selection constraint function of the link selected by the aggressor in the logic layer network according to the link in the logic layer network;
constructing a physical layer link selection constraint function of a link selected by an aggressor in the physical layer network according to the link in the physical layer network;
obtaining a double-layer planning model blocked by the minimum Steiner tree of the double-layer network according to the two-layer planning objective function, the logic layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resources;
and solving the double-layer planning model, and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
obtaining a physical layer network of a double-layer network according to a device accessed to the double-layer network and a communication link between the devices, and obtaining a logical layer network of the double-layer network according to a logical function of the device and a logical relationship between the devices;
acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an aggressor in a link selected by the physical layer network as parameters;
constructing a logic layer link selection constraint function of the link selected by the aggressor in the logic layer network according to the link in the logic layer network;
constructing a physical layer link selection constraint function of a link selected by an aggressor in the physical layer network according to the link in the physical layer network;
obtaining a double-layer planning model blocked by the minimum Steiner tree of the double-layer network according to the two-layer planning objective function, the logic layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resources;
and solving the double-layer planning model, and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
The double-layer network minimum Steiner tree blocking method, the device, the computer equipment and the storage medium obtain a physical layer network and a logical layer network of a layered network through equipment, communication links among the equipment, equipment logical functions and logical relations among the equipment which are accessed into the layered network, construct a two-layer planning target function which takes a blocking decision variable of a defending party on the physical layer network and a selection decision variable of a selecting link of an attacking party on the physical layer network as parameters, a logical layer link selection constraint function of the selecting link of the attacking party on the logical layer network and a physical layer link selection constraint function of the selecting link of the attacking party on the physical layer network, and obtain a double-layer planning model of the minimum Steiner tree blocking of the double-layer network according to the two-layer planning target function, the logical layer link selection constraint function, the physical layer link selection constraint function and the preset blocking resource total amount, and solving the double-layer planning model to obtain a blocking strategy of the defender on the physical layer network. The method and the device utilize the corresponding relation between the logic layer and the physical layer in the double-layer network, and obtain the shortest path of the physical layer to be selected by the attacking party according to the logic function aimed by the game of the attacking and defending parties of the network, so that the defending party can maximize the attack and occupation cost of the current shortest physical path.
Drawings
FIG. 1 is a diagram illustrating an exemplary scenario for implementing a minimum Steiner Tree blocking method in a two-tier network;
FIG. 2 is a flow diagram illustrating a method for minimum Steiner tree blocking in a two-tier network according to an embodiment;
FIG. 3 is a block diagram of an apparatus for a minimum Steiner Tree blocking method in a two-tier network according to an embodiment;
FIG. 4 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The minimum Steiner tree blocking method for the double-layer network can be applied to the double-layer network shown in FIG. 1. The two-layer network includes a logical layer and a physical layer. Nodes A to K of the physical layer respectively correspond to a plurality of devices accessing the layered network, and edges between the nodes represent physical communication links between the devices. The logical function of the device corresponding to physical layer node A is to acquire raw data, so physical layer node A corresponds to the sensor node of the logical layer; the logical function of the devices corresponding to physical layer nodes D, J and G is to process raw data, so they correspond to the processor 1 node, processor 2 node and processor 3 node of the logical layer, respectively; the logical function of the device corresponding to physical layer node L is to perform an influencing action based on the raw data processing result, so it corresponds to the effector node of the logical layer. It should be noted that the minimum Steiner tree blocking method for the two-layer network provided by the present application can also be applied to two-layer networks including network layers other than those shown in FIG. 1. The nodes in the double-layer network can correspond to various physical entities including objects and living beings, edges among the nodes can represent information transmission, mutual relations and the like among the physical entities, and the functions and the number of network layers in the double-layer network can be selected and adjusted according to the specific application scenario.
In one embodiment, as shown in FIG. 2, a method for minimum Steiner tree blocking in a two-layer network is provided. Taking its application to the two-layer network in FIG. 1 as an example, the method includes the following steps:
Step 202, obtaining a physical layer network of the double-layer network according to the devices accessing the double-layer network and the communication links between the devices, and obtaining a logical layer network of the double-layer network according to the logical functions of the devices and the logical relationships between the devices.
In layered network systems such as a physical match-play system, an internet of things and the like, functional cooperation and dependency relationship exist among devices such as information sensing devices, information processing devices, information fusion devices, effector devices and the like. In the framework of the logical-physical two-layer network model, a logical layer network is used for describing processes or rules for each device in the system to execute tasks and implement functions, and a physical layer network is used for describing physical communication connections for information transmission among the devices in the system.
Physical nodes and physical links of the double-layer network are obtained from the devices and the physical communication connections between them, and logical nodes and logical layer edges are obtained from the functions of the devices and their interrelations when executing tasks, yielding the logical-physical double-layer network corresponding to the device network.
Step 204, acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function taking the blocking decision variable of the defender on the physical layer network and the selection decision variable of the attacking party on the link selected by the physical layer network as parameters.
When the cost of a physical layer path is an attack cost, the physical layer link cost is no longer accumulated on each use but is counted only once. The game involves a defending party and an attacking party, who play a single-round zero-sum game. The defending party first deploys defensive blocking measures in the physical layer network, and then the attacking party acts to occupy some physical links so as to realize certain functions provided by the logical network. An aggressor may implement a system function by controlling a logical path from a start node s to a target node t in the logical layer. To control a logical path, the physical links that the attacker occupies must connect, in the physical layer network, all the nodes that this logical path contains. The goal of the aggressor is to minimize the total cost of attacking the physical network while implementing the logical function. The blocking measures taken by the defender increase the attack cost of the attacking party, but the defender's strategy cannot exceed the total amount of blocking resources. The defender's goal is to allocate blocking measures optimally so as to maximize the attacker's total cost. At game equilibrium, the total attack cost of the attacking party is a function of the defender's blocking decision and the attacker's own physical layer link selection decision. In the two-layer planning objective function, the attacking party's link selection decision variable in the physical layer network is the inner-layer decision variable, and the defending party's blocking decision variable in the physical layer network is the outer-layer decision variable.
Step 206, constructing a logical layer link selection constraint function of the link selected by the aggressor in the logical layer network according to the links in the logical layer network.
The link selected by the attacking party in the logical layer network is a logical layer link with a determined starting point and end point, and this constraint can be expressed as a flow balance constraint.
Step 208, constructing a physical layer link selection constraint function of the link selected by the aggressor in the physical layer network according to the links in the physical layer network.
The links that the aggressor occupies in the physical layer must cover all physical layer nodes onto which the logical layer nodes of the logical layer link selected to implement the logical layer function are mapped. Because the cost of a physical layer path is set to be an attack cost, the links the attacking party needs to attack in the physical layer network form a tree structure rather than a path. In the optimal case, the attacker selects the tree-like connected structure with the minimum total cost, i.e. the minimum Steiner tree containing the specific node set, as the actual attack target in the physical layer.
Step 210, obtaining a double-layer planning model for the minimum Steiner tree blocking of the double-layer network according to the two-layer planning objective function, the logical layer link selection constraint function, the physical layer link selection constraint function and the preset total amount of blocking resources.
The double-layer planning model comprises the two-layer planning objective function, the logical layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resource constraint. The objective function expresses that, at game equilibrium, the attacking party's total attack cost is a function of the defender's blocking decision and the attacker's physical layer link selection decision. The attacking party selects a path in the logical layer; the set of feasible logical layer paths is determined by the starting point and the target point; and the physical layer links that the attacking party selects and attacks must contain the nodes brought in by the logical layer path.
Step 212, solving the double-layer planning model, and obtaining a blocking strategy of the defender in the physical layer network according to the solving result.
The goal of the aggressor is to minimize the total cost of attacking the physical network while implementing the logical functions. The defender's blocking strategy is to increase the attacking party's cost of attack and occupation without exceeding the total amount of blocking resources, allocating blocking measures optimally so as to maximize the attacker's total cost.
In the method for blocking the minimum Steiner tree of the double-layer network, a physical layer network and a logical layer network of the layered network are obtained from the devices, the communication links between the devices, the logical functions of the devices and the logical relations between the devices. A two-layer planning objective function is constructed whose parameters are the blocking decision variables of the defending party on the physical layer network and the selection decision variables of the attacking party selecting links on the physical layer network, together with a logical layer link selection constraint function for the links the attacking party selects on the logical layer network and a physical layer link selection constraint function for the links the attacking party selects on the physical layer network. A double-layer planning model for blocking the minimum Steiner tree of the double-layer network is obtained from the two-layer planning objective function, the logical layer link selection constraint function, the physical layer link selection constraint function and the preset total amount of blocking resources, and the model is then solved to obtain a blocking strategy of the defender on the physical layer network. The method and the device use the correspondence between the logical layer and the physical layer in the double-layer network to obtain, from the logical function targeted in the game between the attacking and defending parties, the shortest physical layer path that the attacking party would select, so that the defending party can maximize the cost of attacking and occupying the current shortest physical path.
In one embodiment, the cost of the physical layer path is a cost that is counted only once. Attack and occupation losses, maintenance funds and the like are all costs of this kind. In the master-slave two-person zero-sum game on the logical-physical double-layer network, the blocking layer is the physical layer and the target layer is the logical layer. When the cost of a physical layer link is an elapsed (traversal) cost, the cost of repeatedly passing through the same link accumulates and can be added, so when the shortest physical layer path corresponding to a given logical layer link is calculated, the path mappings of other logical layer links need not be considered. When the cost of a physical link is an attack cost, the physical link cost is no longer accumulated but is counted only once. This change in the network parameter settings turns the blocking game between the two parties into a more complex logical-physical two-layer network minimum Steiner tree blocking problem.
In one embodiment, the method further comprises the following steps: according to a two-layer planning objective function, a logic layer link selection constraint function, a physical layer link selection constraint function and a preset blocking resource total amount, obtaining a two-layer planning model for the minimum Steiner tree blocking of a two-layer network, wherein the two-layer planning model comprises the following steps:
Figure BDA0002826930550000101
Figure BDA0002826930550000102
Figure BDA0002826930550000103
θ = H^T m (4)
Figure BDA0002826930550000104
Figure BDA0002826930550000105
Figure BDA0002826930550000106
Figure BDA0002826930550000107
Figure BDA0002826930550000108
Figure BDA0002826930550000109
wherein v* represents the two-layer planning objective function; x represents the blocking decision variable of the defender at the second network layer; z represents the selection decision variable of the attacker for selecting links at the second network layer; A_p represents the set of edges in the second network layer; i and j are integers; c_ij represents the attack cost parameter of a second link in the second link set; d_ij represents the increment in the link cost of a second link in the second link set caused by the blocking behavior; x_ij represents an element of x; z_ij represents an element of z; s represents the starting point of the link selected by the attacker in the logical layer network; t represents the end point of the link selected by the attacker in the logical layer network; y represents the link selected by the attacker in the logical layer network; a and b are integers; y_ab and y_ba represent elements of y; A_l represents the set of edges in the logical layer network; N_l represents the set of points in the logical layer network; m represents the set of nodes included in link y in the logical layer network; m_a represents an element of m; θ represents the node vector included in the selected link in the physical layer network; H is an N_l × N_p transition matrix representing the correspondence between nodes in the logical layer network and nodes in the physical layer network; N_p represents the set of points in the physical layer network; k represents a node included in the physical layer network; θ_k represents an element of θ; f_k represents a path variable of the path from the starting point to point k in the physical layer network,
Figure BDA0002826930550000111
denotes f_k; wherein R represents the total amount of blocking resources of the defender, and R_ij represents the blocking resource component corresponding to element x_ij of the blocking decision variable x.
Formula (1) is the two-layer planning objective function taking as parameters the blocking decision variable of the defender on the physical layer network and the selection decision variable of the attacker for the links selected on the physical layer network. Formulas (2) to (3) are the logical layer link selection constraint functions for the links selected by the attacker on the logical layer network. Formula (4) converts the indication vector m of the logical layer nodes into the indication vector θ on the physical layer through the conversion matrix. Formulas (5) to (8) are the physical layer link selection constraint functions for the links selected by the attacker on the physical layer network. Formula (9) is the value range constraint on the blocking decision variable of the defender at the second network layer, which takes the value 0 or 1. Formula (10) is the constraint on the total amount of blocking resources on the physical layer network.
In the blocking game that considers the attack and occupation cost, for the attacker to achieve a t-u path on the logical layer, the physical layer links that need to be attacked form a tree structure rather than a path. In the optimal case, the attacker will select the tree-like connected structure with the minimum total cost, i.e. the minimum Steiner tree containing a specific node set, as the actual attack target on the physical layer.
The minimum Steiner tree problem is stated as follows: given a graph (N, A) with non-negative weights, where A is the edge set of the graph and N is the point set of the graph, and a given set of points T, wherein
Figure BDA0002826930550000112
The minimum Steiner tree problem is to find the connected structure G_tree = (A_tree, N_tree) with the minimum weight in the network, which satisfies
Figure BDA0002826930550000113
The minimum Steiner tree is related to the minimum spanning tree and the shortest path. When T = N, the minimum Steiner tree problem degenerates to the minimum spanning tree problem; when |T| = 2, the minimum Steiner tree problem degenerates to the shortest path problem. Both the minimum spanning tree problem and the shortest path problem are solvable in polynomial time, but the minimum Steiner tree problem is NP-hard and has a high computational complexity.
In one embodiment, the blocking policy includes a shortest path of the physical layer network and a blocking resource configuration parameter that maximizes the attack cost value of the shortest path of the physical layer network. After solving the double-layer planning model and obtaining the blocking policy of the defender on the physical layer network according to the solution result, the method further includes: performing path blocking on the shortest path according to the blocking resource configuration parameter.
In one embodiment, the method further comprises solving the double-layer planning model through a Benders decomposition algorithm and obtaining the blocking strategy of the defender on the physical layer network according to the solution result.
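The following Python example is added here and is not code from the patent: it instantiates the defender's max-min model on a small constructed two-layer network and solves it by exhaustive enumeration instead of the Benders decomposition named above. The topology, the values of c, d and r, the budget and all function names are assumptions chosen for illustration.

```python
from itertools import combinations

# Constructed sample instance (not from the patent).
# Physical layer A_p: link -> (c_ij attack cost, d_ij increment if blocked, r_ij resource)
PHYS_LINKS = {
    (1, 2): (2, 4, 1),
    (2, 3): (2, 2, 1),
    (2, 5): (2, 2, 1),
    (1, 4): (3, 5, 1),
    (4, 5): (4, 2, 1),
    (3, 5): (5, 2, 1),
}
# Logical layer A_l and the node correspondence H (logical node -> physical node).
LOGIC_LINKS = [("s", "a"), ("a", "t"), ("s", "b"), ("b", "t")]
H = {"s": 1, "a": 3, "b": 4, "t": 5}  # physical node 2 carries no logical function


def logical_paths(links, src, dst):
    """All simple src-dst paths in the logical layer, each as a node list (vector m)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    stack, found = [[src]], []
    while stack:
        path = stack.pop()
        if path[-1] == dst:
            found.append(path)
            continue
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in path:
                stack.append(path + [nxt])
    return found


def connects(edges, terminals):
    """True if all terminals lie in one connected component of the chosen links."""
    parent = {}

    def find(u):
        parent.setdefault(u, u)
        while parent[u] != u:
            parent[u] = parent[parent[u]]
            u = parent[u]
        return u

    for u, v in edges:
        parent[find(u)] = find(v)
    return len({find(t) for t in terminals}) == 1


def min_steiner_cost(terminals, blocked):
    """Exhaustive minimum Steiner tree: every link is paid once (single-computation cost)."""
    links = list(PHYS_LINKS)
    best = float("inf")
    for k in range(len(links) + 1):
        for chosen in combinations(links, k):
            if not connects(chosen, terminals):
                continue
            cost = sum(PHYS_LINKS[e][0] + (PHYS_LINKS[e][1] if e in blocked else 0)
                       for e in chosen)
            best = min(best, cost)
    return best


def attacker_cost(blocked, src="s", dst="t"):
    """Inner problem: cheapest physical tree that realises some logical src-dst path."""
    return min(min_steiner_cost({H[n] for n in path}, blocked)
               for path in logical_paths(LOGIC_LINKS, src, dst))


def best_blocking(budget):
    """Outer problem: blocking plan x within total resource R that maximises attacker cost."""
    links = list(PHYS_LINKS)
    best_plan, best_value = frozenset(), attacker_cost(frozenset())
    for k in range(1, len(links) + 1):
        for plan in combinations(links, k):
            if sum(PHYS_LINKS[e][2] for e in plan) > budget:
                continue
            value = attacker_cost(frozenset(plan))
            if value > best_value:
                best_plan, best_value = frozenset(plan), value
    return best_plan, best_value


if __name__ == "__main__":
    print("unblocked attacker cost:", attacker_cost(frozenset()))
    plan, value = best_blocking(budget=2)
    print("blocking plan:", sorted(plan), "attacker cost:", value)
```

Enumeration is exponential in the number of physical links, so it only serves to check small instances by hand; it shows how blocking one link per candidate tree, rather than two links on the cheapest tree, gives the defender the larger guaranteed cost.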
It should be understood that, although the steps in the flowchart of fig. 2 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described and may be performed in other orders. Moreover, at least a portion of the steps in fig. 2 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 3, there is provided a two-layer network minimum Steiner tree blocking apparatus, including: a network layer constructing module 302, a two-layer planning objective function constructing module 304, a logical layer link selection constraint function constructing module 306, a physical layer link selection constraint function constructing module 308, a two-layer planning model constructing module 310 and a blocking policy obtaining module 312, wherein:
a network layer constructing module 302, configured to obtain a physical layer network of a layer network according to a device accessed to the layer network and a communication link between the devices, and obtain a logical layer network of the layer network according to a logical function of the device and a logical relationship between the devices;
a two-layer planning objective function constructing module 304, configured to obtain an attack cost value of a physical layer path, and construct a two-layer planning objective function using a blocking decision variable of a defender on a physical layer network and a selection decision variable of an attacker selecting a link on the physical layer network as parameters;
a logical layer link selection constraint function construction module 306, configured to construct a logical layer link selection constraint function of a link selected by an aggressor in a logical layer network according to a link in the logical layer network;
a physical layer link selection constraint function construction module 308, configured to construct, according to a link in a physical layer network, a physical layer link selection constraint function of a link selected by an aggressor in the physical layer network;
a double-layer planning model building module 310, configured to obtain a double-layer planning model for double-layer network minimum Steiner tree blocking according to the two-layer planning objective function, the logical layer link selection constraint function, the physical layer link selection constraint function and a preset blocking resource total amount;
and a blocking strategy obtaining module 312, configured to solve the double-layer planning model and obtain a blocking strategy of the defender on the physical layer network according to a solution result.
The blocking policy obtaining module 312 is further configured to perform path blocking on the shortest path according to the blocking resource configuration parameter after solving the double-layer planning model and obtaining the blocking policy of the defender on the physical layer network according to the solving result.
The blocking strategy obtaining module 312 is further configured to solve the double-layer planning model through a Benders decomposition algorithm, and obtain a blocking strategy of the defender on the physical layer network according to a solution result.
For the specific definition of the two-layer network minimum Steiner tree blocking device, reference may be made to the above definition of the two-layer network minimum Steiner tree blocking method, which is not repeated here. The modules in the above two-layer network minimum Steiner tree blocking device can be implemented wholly or partially by software, hardware or a combination thereof. The modules can be embedded in hardware form in, or be independent of, a processor in the computer device, and can also be stored in software form in a memory in the computer device, so that the processor can call and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a two-layer network minimum Steiner tree blocking method. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the housing of the computer device, or an external keyboard, touch pad or mouse.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is provided, comprising a memory storing a computer program and a processor implementing the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination of these technical features should be considered within the scope of the present specification as long as it contains no contradiction.
The above embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for blocking a minimum Steiner tree in a double-layer network is characterized by comprising the following steps:
obtaining a physical layer network of a double-layer network according to a device accessed to the double-layer network and a communication link between the devices, and obtaining a logical layer network of the double-layer network according to a logical function of the device and a logical relationship between the devices;
acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an aggressor in a link selected by the physical layer network as parameters;
constructing a logic layer link selection constraint function of the link selected by the aggressor in the logic layer network according to the link in the logic layer network;
constructing a physical layer link selection constraint function of a link selected by an aggressor in the physical layer network according to the link in the physical layer network;
obtaining a double-layer planning model blocked by the minimum Steiner tree of the double-layer network according to the two-layer planning objective function, the logic layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resources;
and solving the double-layer planning model, and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
2. The method of claim 1, wherein obtaining the cost-to-attack value of the physical layer path, and constructing a two-layer planning objective function with parameters of a blocking decision variable of a defender on the physical layer network and a selection decision variable of an aggressor on a link selected by the physical layer network, comprises:
acquiring the cost value of the physical layer path, and constructing a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an aggressor in a link selected by the physical layer network as parameters as follows:
Figure FDA0002826930540000011
wherein v* represents the two-layer planning objective function; x represents the blocking decision variable of the defender at the second network layer; z represents the selection decision variable of the attacker for selecting links at the second network layer; A_p represents the set of edges in the second network layer; i and j are integers; c_ij represents the attack cost parameter of a second link in the second link set; d_ij represents the increment in the link cost of a second link in the second link set caused by the blocking behavior; x_ij represents an element of x; and z_ij represents an element of z.
3. The method of claim 1, wherein constructing a logical layer link selection constraint function for an aggressor on a link chosen by the logical layer network according to links in the logical layer network comprises:
according to the link in the logic layer network, constructing a logic layer link selection constraint function of the link selected by the aggressor in the logic layer network as follows:
Figure FDA0002826930540000021
Figure FDA0002826930540000022
wherein s represents the starting point of the link selected by the attacker in the logical layer network; t represents the end point of the link selected by the attacker in the logical layer network; y represents the link selected by the attacker in the logical layer network; a and b are integers; y_ab and y_ba represent elements of y; A_l represents the set of edges in the logical layer network; N_l represents the set of points in the logical layer network; m represents the set of nodes included in link y in the logical layer network; and m_a represents an element of m.
4. The method of claim 1, wherein constructing a physical layer link selection constraint function for a link chosen by an aggressor in the physical layer network according to links in the physical layer network comprises:
according to the link in the physical layer network, constructing a physical layer link selection constraint function of the link selected by the aggressor in the physical layer network as follows:
θ = H^T m
Figure FDA0002826930540000023
Figure FDA0002826930540000031
Figure FDA0002826930540000032
Figure FDA0002826930540000033
wherein θ represents the node vector included in the selected link in the physical layer network; H is an N_l × N_p transition matrix representing the correspondence between nodes in the logical layer network and nodes in the physical layer network; N_p represents the set of points in the physical layer network; k represents a node included in the physical layer network; θ_k represents an element of θ; f_k represents a path variable of the path from the starting point to point k in the physical layer network,
Figure FDA0002826930540000034
denotes fkOf (1).
5. The method of claim 1, wherein the blocking policy comprises a shortest path of the physical layer network and a blocking resource configuration parameter that maximizes a cost value of a shortest path attack of the physical layer network;
after solving the double-layer planning model and obtaining a blocking strategy of a defender on the physical layer network according to a solving result, the method further comprises the following steps:
and performing path blocking on the shortest path according to the blocking resource configuration parameters.
6. The method of claim 1, wherein solving the two-layer planning model to obtain a blocking policy of a defender on the physical-layer network according to a solution result, further comprises:
and solving the double-layer planning model through a Benders decomposition algorithm, and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
7. The method according to any one of claims 1 to 6, wherein the cost-to-attack value of the physical layer path is a single computational cost.
8. A two-layer network minimum steiner tree blocking apparatus, the apparatus comprising:
the network layer building module is used for obtaining a physical layer network of the layered network according to equipment accessed into the layered network and a communication link between the equipment, and obtaining a logical layer network of the layered network according to a logical function of the equipment and a logical relationship between the equipment;
the two-layer planning objective function building module is used for obtaining the attack cost value of the physical layer path and building a two-layer planning objective function with the blocking decision variable of a defender in the physical layer network and the selection decision variable of an attack party in a link selected by the physical layer network as parameters;
the logic layer link selection constraint function building module is used for building a logic layer link selection constraint function of a link selected by an attack party on a logic layer network according to the link in the logic layer network;
the physical layer link selection constraint function building module is used for building a physical layer link selection constraint function of a link selected by an attack party on a physical layer network according to the link in the physical layer network;
the double-layer planning model building module is used for obtaining a double-layer planning model blocked by the double-layer network minimum Steiner tree according to the two-layer planning objective function, the logic layer link selection constraint function, the physical layer link selection constraint function and the preset total blocking resources;
and the blocking strategy acquisition module is used for solving the double-layer planning model and obtaining a blocking strategy of the defender on the physical layer network according to a solving result.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202011432308.5A 2020-12-09 2020-12-09 Method and device for blocking minimum Steiner tree of double-layer network and computer equipment Active CN112565272B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011432308.5A CN112565272B (en) 2020-12-09 2020-12-09 Method and device for blocking minimum Steiner tree of double-layer network and computer equipment

Publications (2)

Publication Number Publication Date
CN112565272A true CN112565272A (en) 2021-03-26
CN112565272B CN112565272B (en) 2022-05-17

Family

ID=75060046

Country Status (1)

Country Link
CN (1) CN112565272B (en)

Also Published As

Publication number Publication date
CN112565272B (en) 2022-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant